chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v0.97.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	minor	0.95.0 -> 0.97.0
cloudposse/cloudfront-s3-cdn/aws (source)	module	minor	0.92.0 -> 0.97.0

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v0.97.0

Compare Source

🚀 Enhancements

feat: Add support for custom Lambda@Edge policies @​jwadolowski (#​333)

what

Execution role associated with Lambda@Edge comes with a hardcoded policy that enables write access to CloudWatch logs. This PR adds support for additional policies. It was implemented in a similar fashion to additional_bucket_policy from the parent module.

why

It's a fairly common situation that a Lambda@Edge function needs access to other AWS services/resources than CloudWatch logs. aws_lambda_function's role argument expects a single role ARN, therefore the only reasonable option is to append new policy statements to the IAM role created in scope of this module.

references

closes #​261

v0.96.2

Compare Source

🚀 Enhancements

Set allowed and cache methods as non nullable @​travis-reed (#​324)

what

Set allowed_methods and cached_methods as non nullable

Setting nullable to false ensures that the variable value will never be null within the module. If nullable is false and the variable has a default value, then Terraform uses the default when a module input argument is null.

why

I want to be able to sometimes call this module with explicit allowed_methods and cached_methods and sometimes just use the module defaults.

As it stands, I cannot do that without making my default value match your default value. It would be better for the module to use its defaults when I pass in null

Right now I am hitting

Error: Missing required argument

  with module.fanx.module.sdp_assets.module.static_cdn.aws_cloudfront_distribution.default[0],
  on /tmp/terraform-data-dir/modules/fanx.sdp_assets.static_cdn/main.tf line 522, in resource "aws_cloudfront_distribution" "default":
 522:     allowed_methods            = var.allowed_methods

The argument "default_cache_behavior.0.allowed_methods" is required, but no
definition was found.

Which I can work around by setting a default on my side, but it isn't ideal behavior

references

• https://developer.hashicorp.com/terraform/language/values/variables#disallowing-null-input-values
• https://stackoverflow.com/questions/72213875/transformer-how-to-call-a-module-with-variables-as-default-value

Additional Notes

I wouldn't consider this a breaking change. Today, the behavior if you pass in null as the argument to the module you will get a failure as shown above. This makes passing in null possible without negatively impacting existing users.

Make sure tags are associated with Lambda functions(#​332)

why

tags argument is not set at all which results in an empty tag list.

references

https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/blob/v0.96.1/modules/lambda%40edge/main.tf#L78-L86

v0.96.1

Compare Source

🚀 Enhancements

memory and timeout vars for lambda@edge @​mihaiplesa (#​330)

what

Allow to configure memory size and timeout for Lambda@Edge module.

why

These fields are not configurable now.

references

Resolves https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues/331

v0.96.0

Compare Source

Adding origin_access_control_id to custom_origins @​jjchiw (#​326)

Adding Origin Access Control Id to Custom Origins

what

Custom Origins didn't have Origin Access Control

Implements this infrastructure

https://aws.amazon.com/blogs/networking-and-content-delivery/image-optimization-using-amazon-cloudfront-and-aws-lambda/

why

Custom Origins didn't have Origin Access Control if we wanted to invoke a lambda we were not able to do it

references

Summary by CodeRabbit

• New Features

  • Enhanced configuration options for custom origins in CloudFront with the addition of origin_access_control_id.
  • Updated variable definitions for custom_origins and s3_origins to include access control ID.

• Bug Fixes

  • Deprecated certain variables to streamline configuration and encourage best practices.

• Documentation

  • Updated documentation to reflect changes in variable structures and configurations.

v0.95.1

Compare Source

Add support for origin-access-control @​rankin-tr (#​319)

what

• add Origin Access Control feature
  • add var.origin_access_type to enable Origin Access Identity or Origina Access Control policy
  • add aws_cloudfront_origin_access_control.default resource
  • add origin_access_control_id argument to origin config on aws_cloudfront_distribution.default
• update example code
• update README

why

• provide the ability to make use of an Origin Access Control
  • retain default origin access identity behavior
• AWS recommends using origin access control
• Origin Access Identities are flagged in AWS Security Hub

references

• Closes #​244
• https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

🤖 Automatic Updates

Migrate new test account @​osterman (#​322)

what

• Update .github/settings.yml
• Update .github/chatops.yml files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @​osterman (#​321)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @​osterman (#​320)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @​osterman (#​312)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[mergify]

/terratest

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟠 Require terratest

Waiting checks: test/terratest.

This rule require terratest status

• check-success = test/terratest

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Require terratest

Wonderful, this rule succeeded.

This rule require terratest status

• check-success = test/terratest

[gberenice]

/terratest

[github-actions]

There are no real tests for this component. So we set terratest statuses to successful execution without running any tests

[github-actions]

These changes were released in v1.535.1.